In recent years, organizations have become dependent on mainframe systems for data storage and data communication. Mainframe systems support seventy to eighty percent of the world's corporate data. At times, said data may consist of personal or private sensitive data such as SSN, credit card numbers, bank account numbers, transactional history and so on.
With the growing number of users accessing mainframe systems, the chance of unauthorized access to data has also increased. Exposure of the data to an unauthorized user risks a breach of the security of the data. Various mechanisms and security control measures are available to restrict unauthorized access to said data. There are scenarios where an individual, for example an associate employed at the corporate organization, may have privileges to view data having restricted content in order to accomplish job-related activity. A corporate setup in which certain individuals are given privileges to access restricted content can create a problem. For example, said associate may access a part of the restricted content with malicious intentions, and not for job-related activity, and hence there is a possibility of data leakage. In order to protect sensitive data from being disclosed to authorized users, organizations generally implement data masking techniques for dispensing data on a need-to-know basis. A data masking technique involves masking sensitive data to hide it from less privileged or unauthorized users.
Currently, it is possible to implement a data masking solution at multiple locations. For instance, in a proxy-based solution, a masking module may reside at a mainframe server, at a proxy server or at the client side. Said masking module may enable masking of data while sending the request or receiving a response. However, data masking with proxy-based solutions may have certain limitations. For example, a proxy-based solution faces challenges in understanding communication over secured socket (SSL) enabled telnet or any other appropriate secured protocol. Also, in the case of a shared mainframe account, if changes are made to any of the fields of mainframe applications, it may not be possible to track such changes or the authors making them. In addition, a proxy-based solution may not be effective in supporting role-based data masking, as the data stream between the client and the mainframe server doesn't carry role information. Moreover, it may be challenging and complex to implement a data restore utility for submitting the data back to the server when the mainframe is accessed concurrently. The known data masking solution for mainframes uses pattern matching for detection and masking of sensitive content, which in itself is prone to failure by over-masking.

Terminal emulators are utilized to access the applications installed on the mainframes, thereby providing an interface to access the sensitive data on said applications. The emulator displays the screen of a legacy mainframe application and allows users to input data to said applications.
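The over-masking failure of pattern matching mentioned above can be measured directly. The following is an added example, not code from the original text: the screen fields, their values, the sensitivity labels and the three patterns are all constructed assumptions.

```python
import re

# Constructed sample screen: (field name, displayed value, is_sensitive).
# Names, values and sensitivity labels are invented for illustration.
SCREEN_FIELDS = [
    ("CUSTOMER NAME", "JANE Q SAMPLE", False),
    ("SSN", "078-05-1120", True),
    ("CARD NO", "4000123412341234", True),
    ("INVOICE NO", "123456789", False),
    ("TRACKING ID", "9400111899223344", False),
    ("PHONE", "555-0100", False),
]

# Content patterns of the kind a pattern-matching masker relies on (assumed).
PATTERNS = [
    re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),  # SSN with dashes
    re.compile(r"\b\d{9}\b"),              # SSN without dashes
    re.compile(r"\b\d{16}\b"),             # 16-digit card number
]

def mask_value(value):
    """Replace every digit inside a pattern match with '*'."""
    for pat in PATTERNS:
        value = pat.sub(lambda m: re.sub(r"\d", "*", m.group()), value)
    return value

def mask_screen(fields):
    """Mask by content only; the masker never looks at the field name."""
    return [(n, v, mask_value(v), s) for n, v, s in fields]

def over_masked(fields):
    """Non-sensitive fields whose value was altered by the masker."""
    return [n for n, v, m, s in mask_screen(fields) if m != v and not s]

def missed(fields):
    """Sensitive fields the masker left untouched."""
    return [n for n, v, m, s in mask_screen(fields) if m == v and s]

if __name__ == "__main__":
    for name, orig, masked, sensitive in mask_screen(SCREEN_FIELDS):
        print(f"{name:14} {masked:18} sensitive={sensitive}")
    print("over-masked:", over_masked(SCREEN_FIELDS))
    print("missed:", missed(SCREEN_FIELDS))
```

The invoice number and tracking ID are hidden only because they have the same shape as an SSN or card number; the masker cannot tell them apart without knowing which field the value belongs to.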